DDoS attack traffic identification and detection method in SDN (Software Defined Network)

A technology for identifying and detecting attack traffic, applied in character and pattern recognition, instruments, digital transmission systems, etc., to achieve strong practicability and improved accuracy.

Pending Publication Date: 2022-01-11
GUANGDONG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0007] Therefore, in the face of complex and changeable network traffic in an SDN network, how to more comprehensively and accurately extract the characteristics of DDoS attack traffic and use these features to identify DDoS attack traffic more quickly is challenging.

Examples


Embodiment 1

[0091] A specific implementation scenario of the present invention is introduced below. The SDN controller is the Ryu controller, and the southbound protocol between the controller and the switches is the OpenFlow protocol. The Net1 network connected to switch sw1 includes 25 hosts, and the Net2 network connected to switch sw2 includes 10 hosts. Net1 is the packet-sending network, and Net2 is the attacked network. Net1 can send DDoS attack traffic or normal packets to Net2. The DDoS attack tool hping3 is used to send TCP SYN Flood, UDP Flood, and ICMP Flood attack packets from the Net1 network to a specific host on the Net2 network. See the attached network topology diagram (Figure 1).

[0092] The present invention provides a method for identifying and detecting DDoS attack traffic under an SDN network, and the method includes the following steps:

[0093] S1: Collect flow table information;

[0094] The flow table information is collected through the OpenFlow protocol,...


Abstract

The invention discloses a DDoS attack traffic identification and detection method under an SDN. The method comprises the following steps: S1, collecting flow table information; S2, calculating traffic characteristic values with DDoS attack characteristics according to the flow table information, and converting the traffic characteristic values into characteristic vector data; S3, using the characteristic vector data to construct a random forest model, and using the constructed random forest model to screen out the traffic characteristics that contribute little to identifying the DDoS attack, obtaining an optimal characteristic subset; S4, converting the optimal feature subset into a feature vector Fnew and measuring the Mahalanobis distance between the feature vector Fnew and each node in the feature mode graph. If a node with the nearest Mahalanobis distance to the feature vector Fnew exists, the feature mode corresponding to that node is determined to be the category of the feature vector Fnew. If the category is a benign category, the traffic is determined to be normal; otherwise, the traffic is determined to be DDoS attack traffic.
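Step S4 can be illustrated with the following added example, which is not code from the patent or its authors: it classifies a feature vector by its nearest node under Mahalanobis distance. It assumes each node of the feature mode graph is represented by the mean and sample covariance of its training vectors; the two features and all sample values are constructed, and the function names are hypothetical.

```python
import math

def solve(a, b):
    """Solve a*x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("singular covariance matrix")
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def mahalanobis(x, mean, cov):
    """sqrt((x-mean)^T cov^-1 (x-mean)), without forming the inverse."""
    d = [xi - mi for xi, mi in zip(x, mean)]
    return math.sqrt(sum(di * yi for di, yi in zip(d, solve(cov, d))))

def fit_node(samples):
    """Assumed node representation: mean vector and sample covariance."""
    n, k = len(samples), len(samples[0])
    mean = [sum(s[j] for s in samples) / n for j in range(k)]
    cov = [[sum((s[i] - mean[i]) * (s[j] - mean[j]) for s in samples) / (n - 1)
            for j in range(k)] for i in range(k)]
    return mean, cov

def classify(f_new, nodes):
    """Category of the node nearest to f_new, and that distance."""
    dist = {cat: mahalanobis(f_new, *node) for cat, node in nodes.items()}
    best = min(dist, key=dist.get)
    return best, dist[best]

def is_ddos(f_new, nodes):
    return classify(f_new, nodes)[0] != "benign"

# Constructed training vectors: [packets per flow, source-IP entropy].
# Both features are hypothetical stand-ins for the optimal feature subset.
NODES = {
    "benign": fit_node([[40, 1.2], [55, 1.5], [48, 1.1], [60, 1.6], [52, 1.4]]),
    "syn_flood": fit_node([[2, 4.8], [3, 5.1], [1, 4.6], [2, 5.3], [4, 4.9]]),
}

if __name__ == "__main__":
    for f_new in ([50, 1.3], [3, 5.0]):
        print(f_new, classify(f_new, NODES), "DDoS:", is_ddos(f_new, NODES))
```

Because the distance is scaled by each node's covariance, features with very different ranges (packet counts versus entropy) contribute comparably, which plain Euclidean distance would not give.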

Description

Technical field

[0001] The invention relates to the technical field of computer network security, and more specifically, relates to a method for identifying and detecting DDoS attack traffic under an SDN network.

Background technique

[0002] As a future network architecture, the SDN network realizes the separation of the control plane and the forwarding plane. Users can dynamically adjust their own forwarding strategies through the controller according to business requirements, which is highly flexible. But it is precisely because of this characteristic of the SDN network architecture that the controller becomes the center of the entire network and is vulnerable to various network attacks.

[0003] DDoS attacks are one of the main threats to controller security. When a DDoS attack occurs, the attacker controls zombie hosts in the network and sends a large number of invalid network data packets to the network. If there is no matching flow item in the table, these data pack...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06K9/62
CPC: H04L63/1416, H04L63/1458, G06F18/24323
Inventor: 凌捷, 周红伟, 罗玉, 陈家辉
Owner: GUANGDONG UNIV OF TECH